Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Memory Forensics for Pentesters: Firefox

This is part one in a series of presentations I will be giving at the NoVAHackers meetings on forensics of all kinds as it can be leveraged in a penetration test.

  • Login to see the comments

Memory Forensics for Pentesters: Firefox

  1. 1. Memory Forensics for Penetration Testers
  2. 2. Memory Sizes • 1 GB (Netbook standard) • 2 GB (Old standard) • 4 GB (Laptop standard now) • Forensics don’t care, they deal with HDDs • Sneaky Sneaky!
  3. 3. Memory Sizes • 1 GB (Netbook standard) • 2 GB (Old standard) • 4 GB (Laptop standard now) • Forensics don’t care, they deal with HDDs • Sneaky Sneaky!
  4. 4. 32 bit vs 64 bit • Annoying
  5. 5. Per-process Memory Dumping • PMD • (P)rocess (M)emory (D)umper SURPRISE! • EvilFingers (https://www.evilfingers.com/) • Since v1.2 it’s gone gooey. • Still awesome but useless at a prompt.
  6. 6. PWD
  7. 7. PMDump • http://ntsecurity.nu/toolbox/pmdump/
  8. 8. Firefox • You know..
  9. 9. Firefox • You know..
  10. 10. Firepassword • http://securityxploded.com/ firepassword.php • or you could do it the easy way: • http://carnal0wnage.blogspot.com/ 2010/06/firefox-saved-passwords.html
  11. 11. Master Password :-(
  12. 12. FireMaster • http://securityxploded.com/firemaster.php
  13. 13. dump firefox memory definitely smaller but be careful
  14. 14. strings FTW! strings firefox.mem | sed ‘/^.{30}/d’ | sort -u | sed ‘/$’”/ `echo r` /” > firefoxdictionary.txt
  15. 15. win!
  16. 16. Questions?

×